summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoshua Powers <josh.powers@canonical.com>2017-03-14 15:28:08 -0600
committerScott Moser <smoser@brickies.net>2017-03-17 15:47:54 -0400
commit41950e902f5dd6cb3118280d3d27409812702e41 (patch)
tree892d617dab12876dd4b3e12e67cb1b43080e3bb4
parenta33447344eed897010603b3e8ea1fd122052de76 (diff)
downloadvyos-cloud-init-41950e902f5dd6cb3118280d3d27409812702e41.tar.gz
vyos-cloud-init-41950e902f5dd6cb3118280d3d27409812702e41.zip
test: Adding integratiron test for password as list
This adds an integration test for setting passwords when given as a list rather than a string. This also updates the docs and tests so that Random is now RANDOM as is correct.
-rwxr-xr-xcloudinit/config/cc_set_passwords.py4
-rw-r--r--tests/cloud_tests/configs/modules/set_password_list.yaml20
-rw-r--r--tests/cloud_tests/configs/modules/set_password_list_string.yaml37
-rw-r--r--tests/cloud_tests/testcases/base.py52
-rw-r--r--tests/cloud_tests/testcases/modules/set_password_list.py20
-rw-r--r--tests/cloud_tests/testcases/modules/set_password_list_string.py11
6 files changed, 117 insertions, 27 deletions
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index 16117048..8440e593 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -47,7 +47,7 @@ enabled, disabled, or left to system defaults using ``ssh_pwauth``.
chpasswd:
list: |
user1:password1
- user2:Random
+ user2:RANDOM
user3:password3
user4:R
@@ -57,7 +57,7 @@ enabled, disabled, or left to system defaults using ``ssh_pwauth``.
chpasswd:
list:
- user1:password1
- - user2:Random
+ - user2:RANDOM
- user3:password3
- user4:R
"""
diff --git a/tests/cloud_tests/configs/modules/set_password_list.yaml b/tests/cloud_tests/configs/modules/set_password_list.yaml
index 36129047..a1eadd75 100644
--- a/tests/cloud_tests/configs/modules/set_password_list.yaml
+++ b/tests/cloud_tests/configs/modules/set_password_list.yaml
@@ -6,22 +6,26 @@ cloud_config: |
ssh_pwauth: yes
users:
- name: tom
- password: $1$xyz$sPMsLNmf66Ohl.ol6JvzE.
+ # md5 gotomgo
+ passwd: "$1$S7$tT1BEDIYrczeryDQJfdPe0"
lock_passwd: false
- name: dick
- password: $1$xyz$sPMsLNmf66Ohl.ol6JvzE.
+ # md5 gocubsgo
+ passwd: "$1$ssisyfpf$YqvuJLfrrW6Cg/l53Pi1n1"
lock_passwd: false
- name: harry
- password: $1$xyz$sPMsLNmf66Ohl.ol6JvzE.
+ # sha512 goharrygo
+ passwd: "$6$LF$9Z2p6rWK6TNC1DC6393ec0As.18KRAvKDbfsGJEdWN3sRQRwpdfoh37EQ3yUh69tP4GSrGW5XKHxMLiKowJgm/"
lock_passwd: false
- name: jane
- password: $1$xyz$sPMsLNmf66Ohl.ol6JvzE.
+ # sha256 gojanego
+ passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
lock_passwd: false
chpasswd:
- list: |
- tom:mypassword123!
- dick:R
- harry:Random
+ list:
+ - tom:mypassword123!
+ - dick:RANDOM
+ - harry:RANDOM
collect_scripts:
shadow: |
#!/bin/bash
diff --git a/tests/cloud_tests/configs/modules/set_password_list_string.yaml b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
new file mode 100644
index 00000000..cbb71bee
--- /dev/null
+++ b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
@@ -0,0 +1,37 @@
+#
+# Set password of list of users as a string
+#
+cloud_config: |
+ #cloud-config
+ ssh_pwauth: yes
+ users:
+ - name: tom
+ # md5 gotomgo
+ passwd: "$1$S7$tT1BEDIYrczeryDQJfdPe0"
+ lock_passwd: false
+ - name: dick
+ # md5 gocubsgo
+ passwd: "$1$ssisyfpf$YqvuJLfrrW6Cg/l53Pi1n1"
+ lock_passwd: false
+ - name: harry
+ # sha512 goharrygo
+ passwd: "$6$LF$9Z2p6rWK6TNC1DC6393ec0As.18KRAvKDbfsGJEdWN3sRQRwpdfoh37EQ3yUh69tP4GSrGW5XKHxMLiKowJgm/"
+ lock_passwd: false
+ - name: jane
+ # sha256 gojanego
+ passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
+ lock_passwd: false
+ chpasswd:
+ list: |
+ tom:mypassword123!
+ dick:RANDOM
+ harry:RANDOM
+collect_scripts:
+ shadow: |
+ #!/bin/bash
+ cat /etc/shadow
+ sshd_config: |
+ #!/bin/bash
+ grep '^PasswordAuth' /etc/ssh/sshd_config
+
+# vi: ts=4 expandtab
diff --git a/tests/cloud_tests/testcases/base.py b/tests/cloud_tests/testcases/base.py
index 5395b9a3..51ce2b41 100644
--- a/tests/cloud_tests/testcases/base.py
+++ b/tests/cloud_tests/testcases/base.py
@@ -2,6 +2,7 @@
from cloudinit import util as c_util
+import crypt
import json
import unittest
@@ -14,6 +15,9 @@ class CloudTestCase(unittest.TestCase):
conf = None
_cloud_config = None
+ def shortDescription(self):
+ return None
+
@property
def cloud_config(self):
"""
@@ -78,4 +82,52 @@ class CloudTestCase(unittest.TestCase):
result = self.get_status_data(self.get_data_file('result.json'))
self.assertEqual(len(result['errors']), 0)
+
+class PasswordListTest(CloudTestCase):
+ def test_shadow_passwords(self):
+ shadow = self.get_data_file('shadow')
+ users = {}
+ dupes = []
+ for line in shadow.splitlines():
+ user, encpw = line.split(":")[0:2]
+ if user in users:
+ dupes.append(user)
+ users[user] = encpw
+
+ jane_enc = "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
+ self.assertEqual([], dupes)
+ self.assertEqual(jane_enc, users['jane'])
+
+ # shadow entry is $N$salt$, so we encrypt with the same format
+ # and salt and expect the result.
+ tom = "mypassword123!"
+ fmtsalt = users['tom'][0:users['tom'].rfind("$") + 1]
+ tom_enc = crypt.crypt(tom, fmtsalt)
+ self.assertEqual(tom_enc, users['tom'])
+
+ harry_enc = ("$6$LF$9Z2p6rWK6TNC1DC6393ec0As.18KRAvKDbfsG"
+ "JEdWN3sRQRwpdfoh37EQ3yUh69tP4GSrGW5XKHxMLiKowJgm/")
+ dick_enc = "$1$ssisyfpf$YqvuJLfrrW6Cg/l53Pi1n1"
+
+ # these should have been changed to random values.
+ self.assertNotEqual(harry_enc, users['harry'])
+ self.assertTrue(users['harry'].startswith("$"))
+ self.assertNotEqual(dick_enc, users['dick'])
+ self.assertTrue(users['dick'].startswith("$"))
+
+ self.assertNotEqual(users['harry'], users['dick'])
+
+ def test_shadow_expected_users(self):
+ """Test every tom, dick, and harry user in shadow"""
+ out = self.get_data_file('shadow')
+ self.assertIn('tom:', out)
+ self.assertIn('dick:', out)
+ self.assertIn('harry:', out)
+ self.assertIn('jane:', out)
+
+ def test_sshd_config(self):
+ """Test sshd config allows passwords"""
+ out = self.get_data_file('sshd_config')
+ self.assertIn('PasswordAuthentication yes', out)
+
# vi: ts=4 expandtab
diff --git a/tests/cloud_tests/testcases/modules/set_password_list.py b/tests/cloud_tests/testcases/modules/set_password_list.py
index b764362f..6819d259 100644
--- a/tests/cloud_tests/testcases/modules/set_password_list.py
+++ b/tests/cloud_tests/testcases/modules/set_password_list.py
@@ -4,22 +4,8 @@
from tests.cloud_tests.testcases import base
-class TestPasswordList(base.CloudTestCase):
- """Test password module"""
-
- # TODO: Verify dick and harry passwords are random
- # TODO: Verify tom's password was changed
-
- def test_shadow(self):
- """Test every tom, dick, and harry user in shadow"""
- out = self.get_data_file('shadow')
- self.assertIn('tom:', out)
- self.assertIn('dick:', out)
- self.assertIn('harry:', out)
-
- def test_sshd_config(self):
- """Test sshd config allows passwords"""
- out = self.get_data_file('sshd_config')
- self.assertIn('PasswordAuthentication yes', out)
+class TestPasswordList(base.PasswordListTest, base.CloudTestCase):
+ """Test password setting via list in chpasswd/list"""
+ __test__ = True
# vi: ts=4 expandtab
diff --git a/tests/cloud_tests/testcases/modules/set_password_list_string.py b/tests/cloud_tests/testcases/modules/set_password_list_string.py
new file mode 100644
index 00000000..2c34fada
--- /dev/null
+++ b/tests/cloud_tests/testcases/modules/set_password_list_string.py
@@ -0,0 +1,11 @@
+# This file is part of cloud-init. See LICENSE file for license information.
+
+"""cloud-init Integration Test Verify Script"""
+from tests.cloud_tests.testcases import base
+
+
+class TestPasswordListString(base.PasswordListTest, base.CloudTestCase):
+ """Test password setting via string in chpasswd/list"""
+ __test__ = True
+
+# vi: ts=4 expandtab